I'll confess to not knowing much about of anything about digital cert authentication: how can you get a users credentials from an HttpServletRequest when you have digital certificate authentication configured in your application server? Or do you get credentials somewhere else?
If it helps at all, much of our authentication happens in the class com.jivesoftware.community.web.webwork.AuthInterceptor.
Thanks for your reply. You would get the digital certificate information like this:
X509Certificate certs = (X509Certificate) request.getAttribute("javax.servlet.request.X509Certificate");
X509Certificate clientCert = certs;
Do you know how you would set up a custom authentication module using this method?
I think you'll want to check out the documentation for creating a custom AuthFactory. Specifically, you'd implement a custom version of:
AuthToken createAuthToken(HttpServletRequest request, HttpServletResponse response)
based on the code you pasted above. That help?